For medical device companies, we conduct a thorough data-flow-based risk analysis of your device. This can include risks:
- From not updating to more recent operating systems, or inappropriate or incomplete patching
- Related to secure software development considerations during device development. This can include development lifecycle reviews and source code analysis for embedded code, and application programming interfaces with downstream systems.
- Network-based risks emanating from improper configurations in provider settings such as hospitals and clinics

Techumen’s approach, and accompanying risk assessment report, follows the recommended FDA method for gauging risk and addresses the following elements:
- Identification of assets, threats, and vulnerabilities;
- Assessment of the impact of threats and vulnerabilities on device functionality and end users/patients;
- Assessment of the likelihood of a threat and of a vulnerability being exploited;
- Determination of risk levels and suitable mitigation strategies;
- Assessment of residual risk and risk acceptance criteria.